Is there a way to review CVE-2016-10009 priority in Ubuntu? According to https://www.cvedetails.com/cve/CVE-2016-10009/ it has a CVSS Score of 7.5 (High) and is easily exploitable. It is a remote code execution vulnerability in one of the components (openssh server) that are commonly exposed to the outside world.
Currently no LTS version of Ubuntu is PCI DSS compliant because this bug is not fixed. As using a non-LTS version on production servers might not be an option for many companies, this renders Ubuntu server unusable for them. Ignoring a remote code execution vulnerability with a CVSS score of 7.5 is bad security practice unless there is a reason that makes the vulnerability unusable, as provided in #3 for other CVEs.

--
https://bugs.launchpad.net/bugs/1732172

Title:
  [CVE] Security Vulnerabilities in OpenSSH on Ubuntu 14.04